Lucene search
K

1558 matches found

OSV
OSV
added 2026/04/27 11:33 a.m.5 views

USN-8192-2 ntfs-3g vulnerabilities

USN-8192-1 fixed vulnerabilities in NTFS-3G. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: Jeffrey Bencteux discovered that NTFS-3G incorrectly handled certain UTF-8 sequences. An attacker could use this issue to cause NTFS-3G to crash, resulting in...

8.4CVSS5.9AI score0.00165EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/22 6:31 p.m.6 views

EUVD-2026-24980

The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect, causing an immediate crash when encountering valid but non-UTF-8 paths. This diverg...

5.5CVSS5.7AI score0.00134EPSS
Exploits1References2
CVE
CVE
added 2026/04/22 4:9 p.m.13 views

CVE-2026-35375

CVE-2026-35375 concerns the uutils coreutils split utility, where a logic error causes output filenames to be corrupted when given non-UTF-8 prefixes/suffixes. The code uses to_string_lossy() to build chunk filenames, which rewrites invalid bytes as the UTF-8 replacement character (U+FFFD). Unlik...

3.3CVSS5.7AI score0.00143EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 4:7 p.m.5 views

CVE-2026-35346 uutils coreutils comm Silent Data Corruption via Lossy UTF-8 Normalization

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

3.3CVSS5.8AI score0.00176EPSS
Exploits1References3
CVE
CVE
added 2026/04/22 4:7 p.m.10 views

CVE-2026-35346

The CVE-2026-35346 entry concerns the uutils coreutils comm implementation; it is affected by a flaw where the program uses String::from_utf8_lossy() and, as a result, applies lossy UTF-8 conversion to all output lines. This causes data corruption when comparing binary files or files with non-UTF...

3.3CVSS5.8AI score0.00176EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.12 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line tool set developed by Uutils Open Source. uutils coreutils has a security vulnerability, which stems from a logical error in the ln function. This error may cause failures when processing filenames that are not in UTF-8 encoding, resulting in...

5.5CVSS5.8AI score0.00121EPSS
Exploits1References1
OSV
OSV
added 2026/04/17 3:12 p.m.7 views

CLSA-2026-1776438719 Fix CVE(s): CVE-2026-32636

SECURITY UPDATE: heap buffer overflow in UTF-16 to UTF-8 conversion - debian/patches/CVE-2026-32636.patch: allocate length+1 instead of length in ConvertUTF16ToUTF8 in magick/xml-tree.c to make room for the null terminator. - CVE-2026-32636...

7.5CVSS6AI score0.00475EPSS
Exploits0References1
MongoDB
MongoDB
added 2026/04/13 3:31 p.m.6 views

bson_validate may skip validation when processing certain inputs

The bsonvalidate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that re...

7.5CVSS5.2AI score0.00184EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/13 3:31 p.m.35 views

CVE-2026-6231 bson_validate may skip validation when processing certain inputs

The bsonvalidate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that re...

5.3CVSS0.00184EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/13 3:31 p.m.4 views

CVE-2026-6231

The bsonvalidate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that re...

7.5CVSS5.3AI score0.00184EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 11:3 a.m.8 views

Security Bulletin: Integer Overflow Leading to Packet Corruption in Eclipse Paho Go MQTT, affects watsonx.data

Summary Eclipse Paho Go MQTT version 1.5.0 contains an integer overflow issue when handling UTF-8 strings longer than 65535 bytes. Improper length conversion can cause malformed MQTT packets, potentially leading to data leakage between fields e.g., topic data leaking into message body. This can...

6.3CVSS7.1AI score0.00197EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.11 views

SUSE CVE-2026-34831

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References6
CVE
CVE
added 2026/04/02 4:43 p.m.23 views

CVE-2026-34831

Rack: The vulnerability CVE-2026-34831 affects Rack::Files#fail, which uses String#size to set Content-Length instead of String#bytesize. When responses include multibyte UTF-8, Content-Length may be too small, causing HTTP framing issues and potential response desynchronization. The issue can be...

6.5CVSS5.8AI score0.00147EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.5 views

SUSE SLES12 Security Update : perl-XML-Parser (SUSE-SU-2026:1152-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1152-1 advisory. - CVE-2006-10002: heap buffer overflow in parsestream when processing UTF-8 input streams bsc1259901. - CVE-2006-10003: off-by-one heap buffer...

9.8CVSS6.2AI score0.00604EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/03/29 3:27 p.m.5 views

OpenCC has an Out-of-bounds read when processing truncated UTF-8 input

Summary OpenCC versions before 1.2.0 contain two CWE-125: Out-of-bounds Read issues caused by length validation failures in UTF-8 processing. When handling malformed or truncated UTF-8 input, OpenCC trusted derived length values without enforcing the invariant that processed length must not excee...

6AI score
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.5 views

EulerOS 2.0 SP13 : libpcap (EulerOS-SA-2026-1246)

According to the versions of the libpcap package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4...

1.9CVSS5.8AI score0.00102EPSS
Exploits0References3
Cisco
Cisco
added 2026/03/04 4:0 p.m.10 views

ClamAV Cascading Style Sheets Image Parsing Error Handling Denial of Service Vulnerability

A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...

5.3CVSS6AI score0.00414EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 10:45 a.m.9 views

CLSA-2026-1772102739 openssl: Fix of CVE-2025-69419

CVE-2025-69419: fix one-byte write-before-buffer triggered by malicious PKCS12 BMPString containing non-ASCII BMP code point; validate UTF8putc return and use correct destination capacity during conversion from UTF-16BE into UTF-8...

7.4CVSS7.2AI score0.00444EPSS
Exploits1References1
NVD
NVD
added 2026/01/20 9:16 p.m.8 views

CVE-2025-59464

A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificatetrue, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through...

7.5CVSS0.0023EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 8:41 p.m.4 views

CVE-2025-59464

A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificatetrue, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through...

6.5CVSS5.9AI score0.0023EPSS
Exploits0References3
Rows per page
Query Builder